Hand-Picked Top-Read Stories

NetScaler 13.1 Build 52.19 is unable to send packets properly on a specific KVM platform.

50 views

Storefront: Citrix Storeweb URL should have custom error page

44 views

Citrix uberAgent Security Bulletin for CVE-2024-6677

45 views

Trending Tags

VMware Virtualisation

713 views

2 minute read

VMSA-2022-0033

14 December 2022

Critical

Advisory ID:
VMSA-2022-0033

CVSSv3 Range:
5.9-9.3

Issue Date:
2022-12-13

Updated On:
2022-12-13 (Initial Advisory)

CVE(s):
CVE-2022-31705

Synopsis:
VMware ESXi, Workstation, and Fusion updates address a heap out-of-bounds write vulnerability (CVE-2022-31705)

1. Impacted Products

VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation

2. Introduction

A heap out-of-bounds write vulnerability in VMware ESXi, Workstation, and Fusion was privately reported to VMware. Updates and workarounds are available to remediate this vulnerability in affected VMware products.

3. Heap out-of-bounds write vulnerability in EHCI controller (CVE-2022-31705)

Description

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

Known Attack Vectors

A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Resolution

To remediate CVE-2022-31705 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds

Workarounds for CVE-2022-31705 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

Additional Documentation

None.

Acknowledgements

VMware would like to thank the organizers of GeekPwn 2022 and Yuhao Jiang for reporting this issue to us.

Notes

None.

Response Matrix:

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
ESXi	8.0	Any	CVE-2022-31705	5.9	moderate	ESXi80a-20842819	KB87617	None
ESXi	7.0	Any	CVE-2022-31705	5.9	moderate	ESXi70U3si-20841705	KB87617	None
Fusion	13.x	OS X	CVE-2022-31705	N/A	N/A	Unaffected	N/A	N/A
Fusion	12.x	OS X	CVE-2022-31705	9.3	critical	12.2.5	KB79712	None
Workstation	17.x	Any	CVE-2022-31705	N/A	N/A	Unaffected	N/A	N/A
Workstation	16.x	Any	CVE-2022-31705	9.3	critical	16.2.5	KB79712	None

Impacted Product Suites that Deploy Response Matrix Components:

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
Cloud Foundation (ESXi)	4.x/3.x	Any	CVE-2022-31705	5.9	moderate	KB90336	KB87617	None

4. References

VMware ESXi 8.0 ESXi80a-20842819
Downloads and Documentation:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-esxi-80a-release-notes/index.html

VMware ESXi 7.0 ESXi70U3si-20841705
Downloads and Documentation:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3i-release-notes.html

VMware Workstation 16.2.5
https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_workstation_pro/16_0
https://docs.vmware.com/en/VMware-Workstation-Pro/16.2.5/rn/vmware-workstation-1625-pro-release-notes/index.html

VMware Fusion 12.2.5
Downloads and Documentation:
https://customerconnect.vmware.com/downloads/info/slug/desktop_end_user_computing/vmware_fusion/12_0
https://docs.vmware.com/en/VMware-Fusion/12.2.5/rn/vmware-fusion-1225release-notes/index.html

KBs:
https://kb.vmware.com/s/article/87617
https://kb.vmware.com/s/article/79712
https://kb.vmware.com/s/article/90336

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31705

FIRST CVSSv3 Calculator:
CVE-2022-31705
ESXi: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Workstation/Fusion: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

5. Change Log

2022-12-13 VMSA-2022-0033
Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2022 VMware Inc. All rights reserved.

Read full article (vmware.com)

All content and images belong to their respected owners, this article is curated for informational purposes only.

Leave a Reply Cancel reply

You must be logged in to post a comment.

Previous Post

VMware Virtualisation

VMSA-2022-0032

14 December 2022

Next Post

Citrix

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518

14 December 2022